rpm package
opensuse/kubernetes1.25&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kubernetes1.25&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3294 | — | < 1.25.7-1.1 | 1.25.7-1.1 | Mar 1, 2023 | Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint | ||
| CVE-2022-3162 | — | < 1.25.7-1.1 | 1.25.7-1.1 | Mar 1, 2023 | Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes | ||
| CVE-2022-27664 | — | < 1.25.7-1.1 | 1.25.7-1.1 | Sep 6, 2022 | In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. |
- CVE-2022-3294Mar 1, 2023affected < 1.25.7-1.1fixed 1.25.7-1.1
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoint
- CVE-2022-3162Mar 1, 2023affected < 1.25.7-1.1fixed 1.25.7-1.1
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomRes
- CVE-2022-27664Sep 6, 2022affected < 1.25.7-1.1fixed 1.25.7-1.1
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.